UNITED STATES DEPARTMENT OF COMMERCE 
United States Patent and Trademark Office 

Address: COMMISSIONER FOR PATENTS 



NOTICE OF ALLOWANCE AND FEE(S) DUE 



61834 7590 06/02/2008 

DREIER LLP 
499 PARK AVE 
NEW YORK, NY 10022 

EXAMINER: YALEW, FIKREMARIAM A 
ART UNIT / PAPER NUMBER 



DATE MAILED: 06/02/2008 



APPLICATION NO. | FILING DATE | FIRST NAMED INVENTOR | ATTORNEY DOCKET NO. | CONFIRMATION NO. 

10/649,804 | 08/26/2003 | Iven Connary | 600323-086 | 6001 

TITLE OF INVENTION: DETERMINING THREAT LEVEL ASSOCIATED WITH NETWORK ACTIVITY 



APPLN. TYPE | SMALL ENTITY | ISSUE FEE DUE | PUBLICATION FEE DUE | PREV. PAID ISSUE FEE | TOTAL FEE(S) DUE | DATE DUE 

nonprovisional | NO | $1440 | $300 | $0 | $1740 | 09/02/2008 

THE APPLICATION IDENTIFIED ABOVE HAS BEEN EXAMINED AND IS ALLOWED FOR ISSUANCE AS A PATENT. 
PROSECUTION ON THE MERITS IS CLOSED. THIS NOTICE OF ALLOWANCE IS NOT A GRANT OF PATENT RIGHTS. 
THIS APPLICATION IS SUBJECT TO WITHDRAWAL FROM ISSUE AT THE INITIATIVE OF THE OFFICE OR UPON 
PETITION BY THE APPLICANT. SEE 37 CFR 1.313 AND MPEP 1308. 

THE ISSUE FEE AND PUBLICATION FEE (IF REQUIRED) MUST BE PAID WITHIN THREE MONTHS FROM THE 
MAILING DATE OF THIS NOTICE OR THIS APPLICATION SHALL BE REGARDED AS ABANDONED. THIS 
STATUTORY PERIOD CANNOT BE EXTENDED. SEE 35 U.S.C. 151. THE ISSUE FEE DUE INDICATED ABOVE DOES 
NOT REFLECT A CREDIT FOR ANY PREVIOUSLY PAID ISSUE FEE IN THIS APPLICATION. IF AN ISSUE FEE HAS 
PREVIOUSLY BEEN PAID IN THIS APPLICATION (AS SHOWN ABOVE), THE RETURN OF PART B OF THIS FORM 
WILL BE CONSIDERED A REQUEST TO REAPPLY THE PREVIOUSLY PAID ISSUE FEE TOWARD THE ISSUE FEE NOW 
DUE. 



HOW TO REPLY TO THIS NOTICE: 



I. Review the SMALL ENTITY status shown above. 

If the SMALL ENTITY is shown as YES, verify your current 
SMALL ENTITY status: 

A. If the Status is the same, pay the TOTAL FEE(S) DUE shown 
above. 

B. If the status above is to be removed, check box 5b on Part B - 
Fee(s) Transmittal and pay the PUBLICATION FEE (if required) 
and twice the amount of the ISSUE FEE shown above, or 



If the SMALL ENTITY is shown as NO: 



A. Pay TOTAL FEE(S) DUE shown above, or 



B. If applicant claimed SMALL ENTITY status before, or is now 
claiming SMALL ENTITY status, check box 5a on Part B - Fee(s) 
Transmittal and pay the PUBLICATION FEE (if required) and 1/2 
the ISSUE FEE shown above. 



II. PART B - FEE(S) TRANSMITTAL, or its equivalent, must be completed and returned to the United States Patent and Trademark Office 
(USPTO) with your ISSUE FEE and PUBLICATION FEE (if required). If you are charging the fee(s) to your deposit account, section "4b" 
of Part B - Fee(s) Transmittal should be completed and an extra copy of the form should be submitted. If an equivalent of Part B is filed, a 
request to reapply a previously paid issue fee must be clearly made, and delays in processing may occur due to the difficulty in recognizing 
the paper as an equivalent of Part B. 

III. All communications regarding this application must give the application number. Please direct all communications prior to issuance to 
Mail Stop ISSUE FEE unless advised to the contrary. 

IMPORTANT REMINDER: Utility patents issuing on applications filed on or after Dec. 12, 1980 may require payment of 
maintenance fees. It is patentee's responsibility to ensure timely payment of maintenance fees when due. 
PART B - FEE(S) TRANSMITTAL 

Complete and send this form, together with applicable fee(s), to: Mail Mail Stop ISSUE FEE 

Commissioner for Patents 
P.O. Box 1450 

Alexandria, Virginia 22313-1450 
or Fax (571)-273-2885 



INSTRUCTIONS: This form should be used for transmitting the ISSUE FEE and PUBLICATION FEE (if required). Blocks 1 through 5 should be completed where 
appropriate. All further correspondence including the Patent, advance orders and notification of maintenance fees will be mailed to the current correspondence address as 
indicated unless corrected below or directed otherwise in Block 1, by (a) specifying a new correspondence address; and/or (b) indicating a separate "FEE ADDRESS" for 
maintenance fee notifications. 



61834 7590 

DREIER LLP 
499 PARK AVE 
NEW YORK, NY 10022 

be used for domestic mailings of the Fee(s) Transmittal. This certificate cannot be used for any other accompanying 
papers. Each additional paper, such as an assignment or formal drawing, must have its own certificate of mailing or 

Certificate of Mailing or Transmission 
I hereby certify that this Fee(s) Transmittal is being deposited with the United 
States Postal Service with sufficient postage for first class mail in an envelope 
addressed to the Mail Stop ISSUE FEE address above, or being facsimile 
transmitted to the USPTO (571) 273-2885, on the date indicated below. 



APPLICATION NO. | FILING DATE | FIRST NAMED INVENTOR | ATTORNEY DOCKET NO. | CONFIRMATION NO. 

10/649,804 | 08/26/2003 | Iven Connary 

TITLE OF INVENTION: DETERMINING THREAT LEVEL ASSOCIATED WITH NETWORK ACTIVITY 



APPLN. TYPE | SMALL ENTITY | ISSUE FEE DUE | PUBLICATION FEE DUE | PREV. PAID ISSUE FEE | TOTAL FEE(S) DUE 



YALEW, FIKREMARIAM A 



CFR 1.363). 



ar indication of "Fee Address" (37 



CLASS-SUBCLASS 



2. For printing on the patent front page, list 



(2) the name of a single firm (having a 
registered attorney or agent) and the ni 
2 registered patent attorneys or agents, 
listed, no name will be printed. 



3. ASSIGNEE NAME AND RESIDENCE DATA TO BE PRINTED ON THE PATENT (print or type) 



recordation as 
(A) NAME OF ASSIGNEE 



(B) RESIDENCE: (CITY and STATE OR COUNTRY) 



Please check the appropriate assignee category or categories (will not be printed on the patent): □ Individual □ Corporation or other private group entity □ Government 

4a. The following fee(s) are submitted: 4b. Payment of Fee(s): (Please first reapply any previously paid issue fee shown above) 

□ Issue Fee □ A check is enclosed. 

□ Publication Fee (No small entity discount permitted) □ Payment by credit card. Form PTO-2038 is attached. 

□ Advance Order - # of Copies 



overpayment, to Deposit Account Number _ 



5. Change in Entity Status (from status indicated above) 

□ a. Applicant claims SMALL ENTITY status. See 37 CFR 1.27. □ b. Applicant is no longer claiming SMALL ENTITY status. See 37 CFR 1.27(g)(2). 



3r the assignee or other party in 



Authorized Signature _ 
Typed or printed name _ 



This collection of information is required by 37 CFR 1.311. The information is required to obtain or retain a benefit by the public which is to file (and by the USPTO to process) 
an application. Confidentiality is governed by 35 U.S.C. 122 and 37 CFR 1.14. This collection is estimated to take 12 minutes to complete, including gathering, preparing, and 
submitting the completed application form to the USPTO. Time will vary depending upon the individual case. Any comments on the amount of time you require to complete 
this form and/or suggestions for reducing this burden, should be sent to the Chief Information Officer, U.S. Patent and Trademark Office, U.S. Department of Commerce, P.O. 
Box 1450, Alexandria, Virginia 22313-1450. DO NOT SEND FEES OR COMPLETED FORMS TO THIS ADDRESS. SEND TO: Commissioner for Patents, P.O. Box 1450, 
Alexandria, Virginia 22313-1450. 

Under the Paperwork Reduction Act of 1995, no persons are required to respond to a collection of information unless it displays a valid OMB control number. 



Determination of Patent Term Adjustment under 35 U.S.C. 154 (b) 

(application filed on or after May 29, 2000) 

The Patent Term Adjustment to date is 820 day(s). If the issue fee is paid on the date that is three months after the 
mailing date of this notice and the patent issues on the Tuesday before the date that is 28 weeks (six and a half 
months) after the mailing date of this notice, the Patent Term Adjustment will be 820 day(s). 

If a Continued Prosecution Application (CPA) was filed in the above-identified application, the filing date that 
determines Patent Term Adjustment is the filing date of the most recent CPA. 

Applicant will be able to obtain more detailed information by accessing the Patent Application Information Retrieval 
(PAIR) WEB site (http://pair.uspto.gov). 

Any questions regarding the Patent Term Extension or Adjustment determination should be directed to the Office of 
Patent Legal Administration at (571)-272-7702. Questions relating to issue and publication fee payments should be 
directed to the Customer Service Center of the Office of Patent Publication at 1-(888)-786-0101 or 
(571)-272-4200. 
Notice of Allowability 

Application No.: 10/649,804 
Applicant(s): CONNARY ET AL. 
Examiner: Fikremariam Yalew 
Art Unit: 2136 


-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address -- 
All claims being allowable, PROSECUTION ON THE MERITS IS (OR REMAINS) CLOSED in this application. If not included 
herewith (or previously mailed), a Notice of Allowance (PTOL-85) or other appropriate communication will be mailed in due course. THIS 
NOTICE OF ALLOWABILITY IS NOT A GRANT OF PATENT RIGHTS. This application is subject to withdrawal from issue at the initiative 
of the Office or upon petition by the applicant. See 37 CFR 1.313 and MPEP 1308. 

1. This communication is responsive to 02/19/2008. 

2. ☒ The allowed claim(s) is/are 1-4 and 10-13. 

3. □ Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 

a) □ All b) □ Some* c) □ None of the: 

1. □ Certified copies of the priority documents have been received. 

2. □ Certified copies of the priority documents have been received in Application No. . 

3. □ Copies of the certified copies of the priority documents have been received in this national stage application from the 

International Bureau (PCT Rule 17.2(a)). 
* Certified copies not received: . 

Applicant has THREE MONTHS FROM THE "MAILING DATE" of this communication to file a reply complying with the requirements 
noted below. Failure to timely comply will result in ABANDONMENT of this application. 
THIS THREE-MONTH PERIOD IS NOT EXTENDABLE. 

4. □ A SUBSTITUTE OATH OR DECLARATION must be submitted. Note the attached EXAMINER'S AMENDMENT or NOTICE OF 

INFORMAL PATENT APPLICATION (PTO-152) which gives reason(s) why the oath or declaration is deficient. 

5. □ CORRECTED DRAWINGS (as "replacement sheets") must be submitted. 

(a) □ including changes required by the Notice of Draftsperson's Patent Drawing Review (PTO-948) attached 

1) □ hereto or 2) □ to Paper No./Mail Date . 

(b) □ including changes required by the attached Examiner's Amendment / Comment or in the Office action of 

Paper No./Mail Date . 

Identifying indicia such as the application number (see 37 CFR 1.84(c)) should be written on the drawings in the front (not the back) of 
each sheet. Replacement sheet(s) should be labeled as such in the header according to 37 CFR 1.121(d). 

6. □ DEPOSIT OF and/or INFORMATION about the deposit of BIOLOGICAL MATERIAL must be submitted. Note the 

attached Examiner's comment regarding REQUIREMENT FOR THE DEPOSIT OF BIOLOGICAL MATERIAL. 



Attachment(s) 

1. □ Notice of References Cited (PTO-892) 

2. □ Notice of Draftperson's Patent Drawing Review (PTO-948) 

3. □ Information Disclosure Statements (PTO/SB/08), 

Paper No./Mail Date 

4. □ Examiner's Comment Regarding Requirement for Deposit 

of Biological Material 



5. □ Notice of Informal Patent Application 

6. □ Interview Summary (PTO-413), 

Paper No./Mail Date . 

7. ☒ Examiner's Amendment/Comment 

8. ☒ Examiner's Statement of Reasons for Allowance 
9. □ Other . 



PTOL-37 (Rev. 08-06) 
DETAILED ACTION 

1. This office action correspondence is a response to the applicant's amendment 
filed on 02/19/2008. After reconsideration of the applicant's argument filed on 
02/19/2008, further search and thorough examination of the present application, claims 1-4 
and 10-13 are found to be in condition for allowance over the prior art of record. 

EXAMINER'S AMENDMENT 

2. An examiner's amendment to the record appears below. Should the changes 
and/or additions be unacceptable to applicant, an amendment may be filed as provided by 
37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no 
later than the payment of the issue fee. 

Authorization for this examiner's amendment was given in a telephone interview 
with Timothy G Beechen on 05/23/2008. 

3. The application has been amended as follows: 
In the claims. 

In line 2 of claim 3 please delete "compound". 
Please cancel claims 5-9. 

Reasons for allowance 

5. Independent Claims 1 and 10-12 are patentable over the closest references of Farley 
et al (hereinafter referred to as Farley) US Patent No 7,089,428 B2 in view of Mcclure et al 
(hereinafter referred to as Mcclure) US Patent 7,152,105 B2 and further in view of 
O'Sullivan (US Pub No 2006/0095569 A1) because they do not anticipate nor fairly and 
reasonably teach a computer-implemented method for determining network security 
threat level, comprising the steps of: receiving event data in response to an identified 
network event detected by a sensor; based upon the event data, perform the following 
step: determining a source threat value, the source threat value based upon a source threat 
weight for a source IP address and a first range of IP network addresses of which the 
source IP address is a member; determining a destination vulnerability value, the 
destination vulnerability value based upon the network event in conjunction with a 
destination IP address, a destination threat weight for the destination IP address, and a 
threat level value associated with a second range of network IP address of which the 
destination IP address is a member; determining an event validity value based upon the 
source IP address and an event type; determining an event severity value based upon the 
event type; calculating an event threat level value based upon the source threat value, the 
destination vulnerability value, the event validity value, and the event severity value; 
calculating a host threat level value based upon a summation of event threat level values 
for a host over a first time period associated with a number of correlated events for the 
host in the first time period; calculating a differential threat level by associating the host 
threat level value with a second host threat level value based upon a second time period 
wherein the second time period exceeds the first time period; generating at least one of: a 
threat report and threat presentation. 

6. Independent Claim 13 is patentable over the closest references of Farley et al 
(hereinafter referred to as Farley) US Patent No 7,089,428 B2 in view of Mcclure et al 
(hereinafter referred to as Mcclure) US Patent 7,152,105 B2 and further in view of 
Friedrichs et al (US Pub No 2003/0084349) because they do not anticipate nor fairly and 
reasonably teach a method for determining network security threat level, comprising the 
steps of receiving event data in response to an identified network event detected by a 
sensor; determining an event type based upon the event data; based upon the event data, 
perform the following steps: determining a first host frequency threat level value by 
summing event threat level values for a host over a first time period dividing by the 
number of correlated events for the host in the first time period; determining a second 
host frequency threat level value by summing event threat level values for the host over a 
second time period greater than the first time period and associated with the number of 
correlated events for the host in the second time period; and determining a differential 
threat level numerator by multiplication of the first host frequency threat level value by 
the second time period; determining a differential threat level denominator by 
multiplying the second host frequency value by the first time period, and calculating a 
differential threat level by dividing the differential threat level numerator by the differential 
threat level denominator; generating at least one of: a threat report and a threat 
presentation based at least on the calculated threat level; and outputting the at least one of: 
threat report and threat presentation. 
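
The differential threat level arithmetic recited for Claim 13 can be worked through in code. The following is an added illustration, not code from the application or the examiner; the Event record, the function names, the host addresses and the sample values are constructed, per-event threat levels are taken as already computed, every event for a host in the window is treated as a correlated event, and the second value is assumed to be divided by its event count in the same way as the first.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    host: str            # host the event was correlated to (constructed)
    t: float             # event time in seconds on a constructed timeline
    threat_level: float  # event threat level, assumed computed upstream

def host_frequency_threat_level(events, host, now, period):
    """Sum of event threat levels for `host` in (now - period, now],
    divided by the number of events in that window (0.0 if none)."""
    window = [e.threat_level for e in events
              if e.host == host and now - period < e.t <= now]
    return sum(window) / len(window) if window else 0.0

def differential_threat_level(events, host, now, first_period, second_period):
    """(first value * second period) / (second value * first period)."""
    if not 0 < first_period < second_period:
        raise ValueError("second period must exceed the first period")
    first = host_frequency_threat_level(events, host, now, first_period)
    second = host_frequency_threat_level(events, host, now, second_period)
    numerator = first * second_period
    denominator = second * first_period
    if denominator == 0:
        # No events (or zero total threat) in the longer window: no baseline.
        return None
    return numerator / denominator

# Constructed sample: one host whose recent events are more severe than its
# daily baseline, and one host whose average is unchanged.
HOUR, DAY = 3600, 86400
SAMPLE_EVENTS = [
    Event("10.0.0.5", 10000, 2.0), Event("10.0.0.5", 30000, 2.0),
    Event("10.0.0.5", 50000, 2.0), Event("10.0.0.5", 83000, 6.0),
    Event("10.0.0.5", 84000, 6.0), Event("10.0.0.5", 85000, 6.0),
    Event("10.0.0.5", 86000, 6.0),
    Event("10.0.0.9", 20000, 3.0), Event("10.0.0.9", 85000, 3.0),
]

if __name__ == "__main__":
    for host in ("10.0.0.5", "10.0.0.9", "10.0.0.77"):
        print(host, differential_threat_level(SAMPLE_EVENTS, host, DAY, HOUR, DAY))
```

With the formula as recited, a host whose average event threat level is the same in both windows yields second period divided by first period (24 here), so that ratio is the baseline a result should be read against.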

Conclusion 

7. Claims 1-4 and 10-13 are patentable. 

8. Any comments considered necessary by applicant must be submitted no later than 
the payment of the issue fee and, to avoid processing delays should be clearly labeled 
"Comments on statement of Reasons for allowance." 
Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Fikremariam Yalew whose telephone number is 
5712723852. The examiner can normally be reached on 9-5. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Moazzami Nasser, can be reached on 5712738300. The fax phone number for 
the organization where this application or proceeding is assigned is 571-272-4195. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO 
Customer Service Representative or access to the automated information system, call 
800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Fikremariam Yalew Art Unit 2136 

05/23/2008 




/Nasser G Moazzami/ 

Supervisory Patent Examiner, Art Unit 2136 